Skills
skills/anysearch-ai/anysearch-skill/anysearch/Gen Agent Trust Hub

anysearch

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes several bundled scripts to perform its operations, including scripts/anysearch_cli.py, scripts/anysearch_cli.js, scripts/anysearch_cli.ps1, and scripts/anysearch_cli.sh. The agent is instructed to select the appropriate runtime (Python, Node.js, etc.) and execute these scripts with search queries and parameters.
  • [DATA_EXFILTRATION]: Search queries, domain-specific parameters, and target URLs for extraction are sent to the vendor's API endpoint at https://api.anysearch.com/mcp. This communication is the primary purpose of the skill and is documented as using JSON-RPC over HTTPS. API keys are handled via the Authorization: Bearer header.
  • [PROMPT_INJECTION]: The SKILL.md file contains detailed logic for the agent to follow, such as prioritizing vertical searches over general ones and handling 'auto-registered' API keys. These instructions are designed to improve tool performance and manage service quotas rather than bypass security controls.
  • [EXTERNAL_DOWNLOADS]: The README.md provides installation instructions that involve downloading the skill package from the vendor's GitHub repository (anysearch-ai/anysearch-skill). This is standard distribution behavior for third-party skills. The Python implementation also lists requests as a dependency in requirements.txt.
  • [INDIRECT_PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes data from external web sources.
  • Ingestion points: The extract and search commands in all CLI scripts fetch content and snippets from arbitrary external URLs.
  • Boundary markers: None explicitly implemented within the script output; the agent relies on its own system prompt and the context provided in SKILL.md.
  • Capability inventory: The skill has the capability to write to the .env file (for API keys) and runtime.conf (for state) based on instructions in SKILL.md, and it can execute bundled shell scripts.
  • Sanitization: The CLI scripts act as a pass-through for the API's JSON results and do not perform content sanitization on the retrieved text.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 12:06 AM
Security Audit — agent-trust-hub — anysearch